Leadership

Video: Enable the hidden Administrator account in Windows 7 and Vista

Bill Detwiler explains how to unlock the hidden Administrator account on Windows 7 and Vista with the Computer Management console and Net User command.

It's generally not a good idea to use a true Windows administrator account for day-to-day computing. But, there are times when being logged in as a machine's local admin does make things easier. During this week's TR Dojo episode, I show you two ways to activate the hidden Administrator account on Windows 7 and Vista.

For those who prefer text to video, you can click the Transcript link that appears below the video player window or check out Greg Shultz's original article.

You can also sign up to receive the latest TR Dojo lessons through one or more of the following methods:

Follow Bill Detwiler on Twitter

Subscribe to the TR Dojo newsletter (delivered Tuesdays and Fridays)

Subscribe to the TR Dojo RSS feed

Sign up for customizable TR Dojo e-mail alerts

Access TR Dojo from your mobile device

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

28 comments
kaninelupus
kaninelupus

You can also activate the hidden Admin account via the Local Policy Editor (equivelent to XP's Group Policy Editor)... Open the Policy Editor (via Administrative Tool) Navigate to Local Policies > Security Options > "Accounts: Administrator account status"... open the properties for the policy entry and enable. You then need to log into said account to set password. Benefit to this way is that when ur PC hits a jam and you need the Admin account, no need to wait around while Windows builds the desktop configuration

davidchilders
davidchilders

On the rare occasion that I do supersede the administrator account, I only use it for as long as absolutely necessary - and of course I maintain a series of incredibly secure passwords for the account. I would never use the Administrator account as the day-to-day 'user' account. (The question kind of forced an Aristotelian answer.)

david.lemos
david.lemos

If you deactivate the account will it store the password?

anne.powel
anne.powel

Can't see it even when video going...no transcript.

Zee29
Zee29

The video won't start, do I need to change any settings in IE 8 ?

SgtPappy
SgtPappy

The "Hidden" Admin account is not hidden. Don't make it sound like it is something special MS did to intrigue us or that you have to make some kind of registry hack while burning incense and chanting ritual . The "builtin" admin account has been disabled by default since Windows XP at least an OEM install of the OS from Dell makes you create an Admin account when you first configure the machine or on subsequent installs later. After the install you have to follow these exact same steps to activate the builtin admin account. If you are an IT person with 6 months of experience installing Windows and didn't know how to do this basic task you are behind the power curve.

sanelepatrick
sanelepatrick

Help me understand the difference between W7 Home premium and Home Edition. W7 is so restrictive, part of the improvement of security brought some paralysis on the system.

carlosk2005
carlosk2005

What about the Administrator account on Vista Home Premium ? How do I activate it ? Thanks a lot.

Bob-El
Bob-El

I wanted to save the video for future reference so I clicked on the "download" button, selected HD format and clicked the second "download" button. It open a page at BNET (whatever that is) and there is no sign of this video anywhere that I could find on that site. What gives with that?

mutotom
mutotom

You say "For those who prefer text to video, you can click the Transcript link that appears below the video player window" but I can't see it, and the article by Shultz deals only with W7

Bill Detwiler
Bill Detwiler

In this week's TR Dojo episode, I show you how to unlock the hidden Administrator account on Windows 7 and Vista with the Computer Management console and Net User command. While it's generally not a good idea to use a true admin/root account for day-to-day computing, there are times when it makes things easier. Do you ever log in as the local admin? Take the poll in the post above and let me know. Post and poll: http://www.techrepublic.com/blog/itdojo/video-enable-the-hidden-administrator-account-in-windows-7-and-vista/2423

TG2
TG2

There isn't a Group or Local policy editor option in Vista Home ... and suspect the Win7 home is the same.. which means the command line for this would be the only way to enable the account easily.

TG2
TG2

The password is still stored ... the account inactive, will attempt login, and get dumpped back once windows realizes the account is disabled. That's if you're using the older style login not the "login screen" where you have buttons for users. You'd authenticate to windows, and then it'd dump you... in days of old.. it might take a few seconds, and you might get resource listings ... but that was addressed in future versions to curtail what leaks for inactive accounts. If memory serves there was some arguement about not dumping a user based on the name, because then you'd be able to mount a dictionary attack looking for valid user names .. ie.. administrator locked or invalid.. not dumping on just getting that "User" but waiting to deny after getting both user and password. I think there was also some tiff about having different error messages which again leaked that the account was valid rather than invalid. From the security standpoint, you don't want to give out *any* information unless both the user and password parts are valid.

mutotom
mutotom

Still the same for me too, only options are sound level, full-screen, and "other videos" -

Bill Detwiler
Bill Detwiler

You need to ensure you have the latest verson of Flash Player installed and that you're not blocking scripts from techrepublic.com, zdnet.com, bnet.com, cnet.com, or com.com. We have a shared video platform, and blocking any of those sites will prevent techrepublic videos from playing.

JCitizen
JCitizen

I believe that is how I DISABLE all of my Home users in Vista/Win7. In XP, I try Ctrl-Alt-Del twice to try to get the log box to appear; if that doesn't work, I reboot into safe mode and wallah! I always give the hidden Administrator an impossible to crack password, and then disable it using the command line in Home editions. Their will be no account controls in the admin tools on those versions, of course. I either record this password in my records, or put a post-it inside the system unit, so they can't lose it. This has kept many of my clients from getting cracked by malware on XP installations. I figure it can't hurt on Vista/Win7 either. So far I've never had to re-enable it and log in to do anything for the client.

Bill Detwiler
Bill Detwiler

I'll find out why the download video button isn't working and post an answer. I'm traveling today, so it may Monday.

Bill Detwiler
Bill Detwiler

When you mouse over the player window, a set of controls should appear at the bottom--pause, volume, etc. There should also be a menu button (I believe it's on the right). Clicking this button should get you a few options--including the ability to view the transcript.

netwerkingnut
netwerkingnut

As always, you have put together another cool presentation. Even though I already knew the steps to activate admin, I did not know the net user command. I like the addition of the bloopers at the end! Nice touch!!! JD Stewart, M.Ed.

Jaqui
Jaqui

I use su or doasroot to handle admin tasks. even when starting an lfs build, I don't login as root to do it. I use su. [ and to start an lfs build there are a number of things you need root access to set up the system for the build ]

JCitizen
JCitizen

Either you see the link or go to Greg's article. What is so difficult to understand about that?

carlosk2005
carlosk2005

Sorry... netuser didn't work in Vista Home Premuim... al least not with the same sintax that TR Dojo gave.

SgtPappy
SgtPappy

impossible password to crack? That's impossible...it's just a matter of time. Disabling the "not hidden" admin account has no effect on whether or not malware gets on your computer.

TG2
TG2

The addition of them? Bill's been doin' that (having bloopers on the end) for more than 4 years.. and every year comes out with a "Best Of" Bloopers edition.. Always fun & funny! Favorite this time? ... Is that what orchestra folk yell when cutting down trees? CYMBERS!! :)

JCitizen
JCitizen

I have to google the command line syntax everytime I do it. But the fact is the command line works for this mission. I was working with HP on one of my clients machines once, and they couldn't understand how come the hidden Administrator would not show up on the machine, and I had to explain over and over again that I had disabled it; and I couldn't remember how. After the problem was escalated to a higher lever of support; the new tech knew what I was talking about and recovered the account so the password could be used. I do this all the time - how could I be mistaken, other than in syntax? http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/ You know what they always say about Windows don't you? It will always "[b].[/b]" and "[b]/[/b]" you right in the "[b]:[/b]" - HA!

JCitizen
JCitizen

I've had the hidden account pwned many times on client machines, and even my first W2K PC back in 2001! Of course that one isn't hidden, but none the less, I wasn't familiar with the new security standards at the time. I stand on my record, in that none of my clients, that listens to me, has been compromised in all the years that I have supported them. I use all the blended defenses, including the Microsoft built-in features. I may be wrong about the cmd line syntax, but there is one, because I always google it before doing the action, and I always find it. Sure you can crack any password, but how much is it going to cost the cracker in time and money! Something like this one: Ffkt$kl8+2b??k;Wqh6^mMnz~_-*? How many years is it going to take to crack that one - not including encryption?

Editor's Picks